Release 2.2.2.3

The following sections describe known issues and issues fixed in this release.

We introduced a feature to provide Administrators with fine grained control over Portal Visitors' access to the AJAX API or Platform. Newly created portals have AJAX API permissions disabled by default.

In light of these new features, we advise reviewing your existing portal AJAX API permissions.

PSC00311812

Fixed an issue where AJAX API rbf_updateRecord() incorrectly set default parameter values to NULL.

Known Issues

PSC0000914D - When manually upgrading to Platform 2.2.2.3, consider the following:

• Stop Tomcat, and stop the database; then, remove war files and directories from 2.2.x.0 installation location, PAS_HOME\webapps directory; and, copy 2.2.2.3 war files to that location
  
  
• Copy and replace 2.2.x.0 lib directory with 2.2.2.3 lib directory; and, replace existing 2.2.x.0 language properties files which are in rollbase/res directory with 2.2.2.3 language properties

Security Considerations:

• This release addresses security threats concerning authentications and permissions identified in Platform; Private cloud customers should update as soon as possible.
  
  
• Default (out-of-box) webserver configurations can give rise to numerous security threats, including unauthorized access to your sensitive data, files, configuration(s), or similar content. Infinite Blue strongly recommends that private cloud customers apply the following Center for Internet Security (CIS) webserver lockdowns, listed by platform, to the fullest extent possible:

http://benchmarks.cisecurity.org/downloads/browse/?category=benchmarks.servers.web.apache (for Apache 2.2 and 2.4 webservers)

http://benchmarks.cisecurity.org/downloads/show-single/?file=iis56.100 (for Microsoft IIS 5 and/or Microsoft IIS 6 webservers)

http://benchmarks.cisecurity.org/downloads/show-single/?file=iis7.150 (for Microsoft IIS 7.x webservers)

http://benchmarks.cisecurity.org/downloads/show-single/?file=iis8.100 (for Microsoft IIS 8.x webservers)